Hi All. I have read this on My ISP's Newsgroup and was wondering if
in fact this is right, as I have also been shown as an attacker Three
Times, Is there any truth in what Robin Walker has pointed out.
Many Thanks John Worley.
----- Original Message -----
From: "Robin Walker" <rdhw at cam.ac.uk>
Newsgroups: ntl.support.broadband.cm
Sent: Wednesday, August 29, 2001 7:28 PM
Subject: Re: NTL Support/Abuse Staff
in article b1aj7.4804$%P3.25208 at news11-gui.server.ntli.net, Paul H at
paul.humphreysno spam at ntlworld.com wrote on 29/8/01 18:56:
> I regularly send my Zonealarm firewall logs to this organisation
>http://www.dshield.org/ and have known been told that my IP, (that's
you
> NTL), have been involved in attacks on other users. Their report
reads:.....
>> IP Address: 62.253.32.5
> HostName: inktomi2-nor.server.ntl.com
> DShield Profile: Country: GB
> Contact E-mail: nmc at ntli.net> Total Records against IP: 3
> Number of targets: 3
> Date Range: 2001-08-04 to 2001-08-04
> Ports Attacked (up to 10):
>> Please advise current status of your Servers and Inkomi Caches...do
they
> need patching?
I think this Dshield report is worthless. Consider:
1. an NTL user sends their web browser to http://[IP number or DNS
address
somewhere]/
2. The request is routed via the local web proxy.
3. The target host is firewalled on port 80, and registers a stopped
attempt.
4. That host's user sends their logs to Dshield.
5. The web proxies get listed as attackers.
--
Robin Walker
rdhw at cam.ac.uk